<?php
if (($user_loged_in==1)&&(isset($_FILES["upload"]))){
//	$allowedExts = array("gif", "jpeg", "jpg", "png");
	$temp = explode(".", $_FILES["upload"]["name"]);
	$extension = end($temp);
	if (
//	(
//	($_FILES["upload"]["type"] == "image/gif")
//	|| ($_FILES["upload"]["type"] == "image/jpeg")
//	|| ($_FILES["upload"]["type"] == "image/jpg")
//	|| ($_FILES["upload"]["type"] == "image/pjpeg")
//	|| ($_FILES["upload"]["type"] == "image/x-png")
//	|| ($_FILES["upload"]["type"] == "image/png")
//	)
//	&&
	($_FILES["upload"]["size"] < 8000000) //~ 8MB
//	&& in_array($extension, $allowedExts)
	)
	  {
	  if ($_FILES["upload"]["error"] > 0)
	    {
	    echo "Return Code: " . $_FILES["upload"]["error"] . "<br>";
	    }
	  else
	    {
	    echo "Upload: " . $_FILES["upload"]["name"] . "<br>";
	    echo "Type: " . $_FILES["upload"]["type"] . "<br>";
	    echo "Size: " . ($_FILES["upload"]["size"] / 1024) . " kB<br>";
	    echo "Temp file: " . $_FILES["upload"]["tmp_name"] . "<br>";

		$date = new DateTime();
		$tst = $date->getTimestamp();

		//rename with timestamp
		$new_filename = $tst.'_'.$_FILES["upload"]["name"];
	    move_uploaded_file($_FILES["upload"]["tmp_name"],
	    $path_upload."/upload/" . $new_filename);
	    echo "Stored in: " . $path_upload . "/upload/" . $_FILES["upload"]["name"];

	    //FOR CKEDITOR
		// Required: anonymous function reference number as explained above.
		$funcNum = $_GET['CKEditorFuncNum'] ;
		// Optional: instance name (might be used to load a specific configuration file or anything else).
		$CKEditor = $_GET['CKEditor'] ;
		// Optional: might be used to provide localized messages.
		$langCode = $_GET['langCode'] ;
		// Check the $_FILES array and save the file. Assign the correct path to a variable ($url).
		$url = $lnkupload . '/' . $new_filename;
		// Usually you will only assign something here if the file could not be uploaded.
		$message = '';
		echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction($funcNum, '$url', '$message');</script>";
	    }
	  }
	else
	  {
	  echo "Invalid file";
	  }
}
else{
	//INPUT route directly or user not loged in
	echo 'Nothing to do here. Bye bye!';
}